future IT workforce is learning to love what computers can do.
spend, there's a growing
better answer to the big question in security. Here are five steps that can help.

■ EDITOR'S NOTE

Don  Tennant 


Who’s  Anticompetitive? 

strategies. The difference is that Microsoft has a subsidiary in Caracas. In Cuba, it's not even allowed to compete.

THE MORE I think about it, the more annoyed I get.

There’s just something fundamentally wrong when a U.S. company isn’t allowed to compete in a market where the rest of the world is free to benefit from commercial engagement and entrepreneurism.

The market I’m referring to is Cuba. I really

I posted an earlier ver-

insightful comment from a

“Frankly, from a Cuba perspective, Cuba’s not a

the past, and Microsoft has reaped the financial ben-

“When we left Vietnam, we thought it was lost


than U.S. companies, including Microsoft.

No doubt, Microsoft products have been widely used in Cuba for years. And, no doubt, the great majority of those products are pirated. Microsoft has been able to effectively address the piracy problem in countries like China, where our government allows it to operate despite

according to an Associated Press report, Communications Minister Ramiro Valdes, who opened the conference, suggested that Microsoft was cooperating with U.S. military and intelligence authorities, and he proclaimed that IT is a battlefield on which Cuba is fighting imperialism.

That event was reminiscent of a March 2006

companies from benefiting from the changes that have occurred there. We are truly the last bastion that has failed to recognize that the ghost of Khrushchev is gone.”

He’s right. And that’s not all. There’s a certain irony in the U.S. government thwarting competition at the expense of companies such as Microsoft. Looking

that operates in Latin America — they would probably know if there is anything going on."

Now, one could argue that the head of Microsoft’s global partner op-

market  activity 
involving  the  company's 
products,  at  least  with 
respect  to  its  business 
partners.  But  you  have  to 
give  Watson  credit  for  her 
candor  in  acknowledging 
that  she  didn’t  know. 

The second part of Watson’s response is what really intrigued me, though.


■ The difference is that Microsoft has a subsidiary in Caracas. In Cuba, it's not even allowed to compete.


technology ministry to promote the use of open-source software instead of Microsoft products. Anti-American rhetoric is at least as harsh in Venezuela as it is in Cuba, and it has

Hugo Chavez decreed that all public institutions there

ment has famously taken against Microsoft seem awfully hypocritical. ■

Don Tennant is editorial director of Computerworld and InfoWorld. Contact him at don_tennant@

blogs.computerworld.com/tennant.
Middle Managers Hate To Deliver Bad News

I found Don Tennant’s July 14 Editor’s Note, “Insight and Denial,” interesting and accurate, but I’d like


At  one  meeting,  I  and  another 
subject-matter  expert  expressed 
grave  concern  about  a  key  com- 


I’d  like  to  think  the  troops  want 
to  be  honest,  but  the  people  in  the 
middle  often  act  as  the  filters  that 


The  Importance 
Of  Camaraderie 


ness  model  around  the  initiative 
was  unachievable. 

The  initiative  was  a  pet  project 
of  the  director  and  one  of  his  key 
colleagues.  So,  at  the  meeting,  our 


camaraderie  that  I  miss  the  most. 

If  I  am  able  to  grow  my  present  IT 
department  to  that  size  someday,  I 
will  make  it  my  highest  priority  to 
promote  the  type  of  environment 
that  has  been  developed  by  the 
When Security Staffers Fail Up

Think  your  security  staffers  are  trustworthy? 


professional  for  horror  stories,  and  you  might 


Transforming  the 
Data  Center  From  Hell 


Are  You  a  Twit?  Us,  Too! 


Build  a  Two-Screen 
Workstation  for 
$230  or  Less 

If you want to expand the visual capabilities of your laptop - and boost your productivity




Brocade Takes Aim at Cisco with $3B Foundry Deal

net] fabric really does come true," he added, “there are really only two vendors [now].”

Greg Schulz, an analyst at StorageIO Group in Stillwater, Minn., agreed, noting that the combined company would be the only alternative to Cisco for networking tools that reach from the Internet to the data center.




■  NEWS  DIGEST 


SAP Opts to Shutter TomorrowNow

close its TomorrowNow Inc. subsidiary later this year, after failing to find a buyer for the support

TomorrowNow has been entangled in legal troubles since March 2007, when Oracle Corp. filed a lawsuit contending that the SAP unit had illegally downloaded support data from Oracle's Web site. Four months later, SAP

Now's top executives.

“It would have been an extremely complex transaction for the seller and buyer because of [the lawsuit]. Therefore, we decided to close down operations," the spokesman said.

Attorneys representing Oracle in the lawsuit against SAP estimated last month that damages in the case could surpass $1 billion. A trial is scheduled to begin in February 2010.

SAP said it plans to help TomorrowNow's 225 customers find new support vendors before it formally closes the subsidiary on Oct. 31. The spokesman said SAP will recommend multiple options, “including choosing Oracle support."

TomorrowNow provides maintenance and support for Oracle’s applications, including PeopleSoft, Siebel and J.D. Edwards products. SAP acquired the firm in 2005.

Ray Wang, an analyst at Forrester Research Inc., said that while the Oracle lawsuit was likely a key reason for closing

Short Takes

nounces it will shut down TomorrowNow by Oct. 31

— Brian Fonseca, with Peter Sayer of the IDG News Service


TSA Leans on BI to Save $100M Over Two Years

THE FEDERAL Transportation Security Administration (TSA) last week said it estimates that its use of business intel-

workers will have saved it about $100 million over a two-year period ending this fall.

The agency's Performance

BI reporting and analytics tools from MicroStrategy Inc., allowed the TSA to streamline operations and significantly cut worker

2006 and October 2008, a spokesman said.

The TSA installed the system in November 2004. PIMS collects, analyzes and reports passenger and baggage-screening data and provides operational performance metrics to managers. PIMS also analyzes payroll data and TSA staff utilization.

The agency said it uses the system to run 1 million reports annually for 12,000 internal

noted.

Wayne Eckerson, director of research and services at The Data Warehousing Institute, said the focus on metrics allows the TSA to avoid getting “hamstrung" because it doesn't rely on intuition to make decisions or have information stored in disparate spreadsheets, data marts and reports.

- HEATHER HAVENSTEIN




unit, but he acknowledged that the legal issues were complicating efforts to find a buyer for it. SAP had disclosed last November that it was looking to sell TomorrowNow. The announcement coincided with the resignation of Tomorrow-

“[It was] a lesson learned in terms of acquisition and business model.”

Despite the problems, SAP could have made a success of TomorrowNow, given the demand for third-party support, Wang added.
A federal judge in Seattle sentenced

, known as the “spam king,” to 47 months in prison for sending massive volumes of junk e-mail. Prosecutors say Soloway earned more than $700,000 in three years from the spamming activities.


2008 Web Site of the Year, from the American Society of Business Publication Editors. Computerworld also won gold awards for Web features, government coverage.
U.S. military, that so-called cloud computing is “going to be the way [to go] — it has to be. We have to get to this standard environment that is provisionable and scalable," Garing said.

In fact, he said that DISA plans to soon deploy a system that’s similar architecturally to Amazon.com Inc.’s Elastic Compute Cloud technology, a Web-based service that lets users quickly scale up their processing capabilities.

DISA’s system, called the Rapid Access Computing Environment, or RACE, is slated for launch in October, the start of the federal government’s fiscal year.

Garing said he was also impressed with Google Inc.’s process of moving strong new product ideas from the laboratory to beta testing to real users in just a few months.


Global Dispatches

Radar Hit by Faulty Network Card

DUBLIN - A faulty network

Computerworld U.K.

E-health Research Gets $20M Boost

BRISBANE, Australia - The

through 2012.

The five-year-old operation, based at the University of Queensland's Centre for Clinical Research at the Royal Brisbane and Women's Hospital, is

of the Common-

($64 million U.S.) contract to Unisys Corp. to create and manage a WAN to connect more than 1,000 sites. The Kent Public Service Network


expected  to  be  the  first  to 
take  on  hybrid  computing 
commercially. 


Hybrid  Systems  On 
Course  to  Speed 
Corporate  Apps 

Firms  in  some  industries  could 
use  petaflop  performance  to 
perform  complex  calculations. 

By  Sharon  Gaudin 


Sony Computer Entertainment Inc., to handle high-performance computations for video games. That also makes it well suited to handle other complex calculations, and “bitwise” operations like generating random numbers.

The well-publicized tests have attracted the attention of IT managers in a variety

enhanced performance boost may be just what the CIO ordered.

Steve Conway, an analyst at research firm IDC, noted that some companies have turned to multicore processors for added performance but have found that applications and calculations are running more slowly than they did using single-core


WHEN YOU’RE dealing with nuclear weapons, figuring them out fast is Job One. For scientists at Los Alamos National Laboratory, that

a hybrid machine that will provide the scientists with a lot more power — 1.026 quadrillion calculati

the corresponding rise in energy demands.

The companies that are generally out in front of new technologies — financial services firms, pharmaceutical manufacturers and petroleum giants — are

[Computer makers] need to do something, [so] they’re adding accelerators.”

Dan Olds, an analyst at Gabriel Consul


In-Stat, warned that despite the benefits of the technology for some commercial applications, such implementations could be rocky

“It can be an IT night-

Ortigosa, director of geophysics at the Madrid-based
hybrid system
n a combination of
’owerPC processor
Cell processor, Ortigosa said. Slated to be up and running early this fall, the system is expected to have a peak performance of 120 teraflops, which likely

accelerators to
with general-pc
for commercial
but sales for th
will likely pick
coming month
shipping its first hybrid laptops — the Qosmio G5S line — which run a Cell chip and an Intel Core 2 Duo processor and list for under $2,000. Toshiba has dubbed

puting for some time, noted Jack Dongarra, a professor at the University of Ten-

single chip containing both a processor and an accelerator. Patricia Harrell, direc-

a business of managing risks. It is very difficult to

bility in desktop and
umer systems” in five years, Harrell said. “It
be pervasive."
e said that AMD will

strategy for what work will be handed off to the [accelerator]. A portion of each application has to be rewritten,” Morrison explained.
City Missed Steps to Avoid Network Lockout

IT can set rules to prevent disgruntled employees from causing havoc, execs say.

By Jaikumar Vijayan

THE HIGH-PROFILE sabotage this month of the city of San Francisco’s fiber backbone network clearly shows both the extent of damage a disgruntled employee can cause and the need for controls to mitigate the risk of such actions.

City officials lost administrative control of the network's routers and switches for more than a week after an IT worker allegedly reset passwords and refused to reveal them prior to and after his arrest on July 13.

Terry Childs, a network administrator in the city's Department of Telecommunications and Information Services (DTIS), was charged with locking up the network and with planting network devices that enabled illegal remote access to the network. The FiberWAN system carries almost 60% of the city government's traffic.

He revealed the passwords to Mayor Gavin Newsom last Monday, but the administrators remained locked out of the city’s VoIP system and some departmental LANs late last week.

Users and analysts interviewed last week said that the city could have avoided the recent turmoil by implementing stronger configuration management techniques along with processes that could quickly detect when someone was attempting to bypass network controls.

“I am completely floored that it [would take] so long to restore access to the equipment,” said Jim Kirby, senior network engineer at Dataware Services, a Sioux Falls, S.D.-based IT services provider. “Unless they have some crazy uptime requirement that prevents them from rebooting gear, it’s hard to understand."

Kirby suggested that anytime it takes more than 48 hours to restore access to a locked-down network, that indicates that “basic network administration standards" are not in place.

Johannes Ullrich, chief technology officer at the Bethesda, Md.-based SANS Institute’s Internet Storm Center, noted that even though insider threats are difficult to control, strong network configuration management processes and a policy of separating duties
In this case, the city’s inability to regain access to the network for at least 10 days suggests that San Francisco has no backup copies of its network configuration blueprint.

Strong configuration management processes ensure that “an alert is sent whenever a configuration is changed,” Ullrich said.

The San Francisco incident should also convince IT that two or three administrators must understand the full network configuration and jointly control the passwords, said John Pescatore, an analyst at Gartner Inc.

He suggested that, at a minimum, password information should be documented and stored for easy access by an organization’s privileged administrators.

Lou Michael, director of network and infrastructure services in Virginia’s Arlington County department of technology services, said his organization has a longstanding practice of keeping passwords with multiple administrators.

Meanwhile, Ron Vinson, deputy director of San Francisco’s DTIS operation, said last week that the agency has started preparing a systemwide analysis to determine the extent of Childs’ activities.

Vinson acknowledged that by late last week, municipal IT managers had still not determined exactly how many devices were illegally installed on the WAN to enable remote access.

Arshad Noor, CEO of StrongAuth Inc., a Cupertino, Calif.-based supplier of compliance and identity management products, said the San Francisco incident points to a failure by the city’s IT managers.

“All in all, IT management is responsible for this mess, because it was their mandate to avoid this situation,” Noor said. “While Terry Childs might pay for this situation through jail time or fines, management cannot be absolved of their responsibility.”

Childs, 43, continues to be held in a city jail on $5 million bail after his request to reduce the bond was rejected last Wednesday.

Childs has pleaded not guilty to multiple charges in connection with the case. A pretrial hearing has been set for Sept. 24. ■

Robert McMillan of the IDG News Service contributed to this story.
that old security problems didn’t get fixed and, worse vulnerabilities were introduc


The Project’s the Assembly Line

IN AN information-driven service economy, projects are the foundations of business. So says Douglas Clark, CEO of Metier Ltd. in Arlington, Va. He argues that in an era when business success depends on bringing ideas to market quickly, project management is akin to building and managing a manufacturing plant in days gone by.

“The project is the new assembly line,” he says.

Yet most projects, especially in IT, fail to meet expectations. The reasons are manifold, but Clark points to a market dominated by Microsoft Project, software that's fine for scheduling but little more. He says a schedule doesn’t reveal the process, with all its interrelations and logic. For that, you need a full-blown project portfolio management application.

Not surprisingly, Clark claims that Metier’s Web-based WorkLenz sub-

as complete a PPM offering as you can

tion, uses Project Management Institute best practices in areas like budget calculation and risk

He likens its algorithms to “assistants" for project managers. For example, you can use the product's duration estimator to forecast how long a project will take based on the complex mix of resources available.

Next year, Metier intends to release an algorithm tentatively called Builder that will create entire projects based on past project data. And it’s developing 3-D visualization features for reporting on project status.

Pricing starts at $10 per user.

Many Myopic Eyes

Open-source proponents claim that the Law of Many Eyes leads to higher-quality, more secure code: Because anyone can view the source code, find problems and report back to the community, you get better software.

But Fortify Software Inc. in San Mateo, Calif., has analyzed 11 popular open-source software products, and the news is not good. According to Jacob West, manager of Fortify’s

velopers are doing more to develop good development processes and that without augmenting the Law of Many Eyes, the open-source process is unlikely to deliver secure code.

Destroy HDDs Quickly

OK, you’ve just finished rolling out new PCs. What are you going to do with all those old hard disk drives loaded with sensitive information?

Most companies use software to overlay random bits repeatedly. Others prefer the physical approach and drill holes through the platters.

David

staring at thousands of drives. His solution? Magnets.

Two big, honkin' magnets, to be precise, installed in Fujitsu’s Mag Erasure P3M. According to Luong, you place a drive in the 300-pound unit, turn the hand crank for 15 seconds, and voilà — all of the data and the read/write head are destroyed, meeting National Security Agency standards.

Pricing starts at $40,000. ■


Ira Winkler

The security maven talks about how information security differs from computer security, why ‘awareness’ isn’t enough, and when grandma’s computer has to be shut down.

National Security Agency, where he combined computer systems analysis and intelligence analysis. He is founder and president of Internet Security Advisors Group. When Hewlett-Packard Co. acquired ISAG in 2001, Winkler served as chief security strategist for HP Consulting. He is the author of several books, including Spies Among Us and Zen and the Art of Information Security.

What’s the most important information security lesson you learned while at the National Security Agency? It’s all about

from the trash. The CIO has to remember that the title is “chief information officer,” not "chief computer officer.” So they have to work with the physical security people, for example, to make sure that the guards are going through the building not just looking for fires.

Look at ChoicePoint [which in 2005 revealed that it was tricked into disclosing private information on 163,000 consumers]. A computer didn’t get hacked, but does it matter? They had to pay big fines [$15 million], and they should have, because they didn’t look at information security as information security, they looked at it as computer security.

So the CIO has to promote information security of all types? Awareness programs can be good, but awareness without enforcement is completely useless. What’s the penalty for browsing pornography? You get fired. You need something like that for other kinds of security violations — for example, leaving your password taped to your monitor. There should be spot-checking — someone walking through periodically looking for passwords. First, line managers should be responsible for reviewing the workplace, and security staffs should do monthly walk-throughs.

the information security awareness business. Yes, the Department of Homeland Security is relying on awareness efforts. [DHS head] Michael Chertoff says [to security professionals], “Hey guys, work with us, because it’s the right thing to do."

Government has been asking people to voluntarily cooperate and has gotten no results whatsoever. The Internet service providers and backbone providers are still poorly maintaining the critical infrastructure. We keep saying “pretty please,” but they have no incentive to help. So Congress should pass enforcement laws, and DHS should be mandating things.

What kinds of things might be mandated? Bad guys attack systems remotely over the Internet. When you see grandma sending 50,000 e-mail messages, you know that’s bad traffic. Why don’t ISPs stop obviously bad traffic? Get grandma off until she fixes her computer.

Similarly, ISPs could scan users, and if they are not using the latest [antivirus and operating system] updates, get them off the Internet. “Awareness” means no one is held responsible.

Is that fair? Grandma is no bad guy. If you leave your home PC vulnerable these days, you are not necessarily harming yourself, but you are enabling fraud because somebody is going to take over your computer and use it to attack others or aid in piracy of music and movies and things like that.

The mandates I propose are looking to stop the exploitation of other people’s systems, which in turn cause damages to millions of others. The monitoring is targeting what is generally considered criminal activity and is done without human intervention.

At the corporate level, is a combination of awareness and enforcement working pretty well? Some big companies, like Citibank and JPMorgan Chase, are doing reasonably well. But companies like T.J. Maxx [which last year reported that millions of credit card numbers had been stolen from its systems] are not doing so well.

For example, many merchants are asking for exemptions and extensions for compliance with the [Payment Card Industry Data Security Standard]. They want to hold off with PCI compliance so that they don’t have to spend the money. They say it’s too difficult, but the reality is that they don’t want to put the required resources to it. T.J. Maxx had an extension.

But security is like the 80/20 rule, only it’s 99/1. You can solve 99% of your problems with 1% of the effort. If you take care of the basics — enable Windows Update Services, buy antivirus software, get host-based intrusion detection and so on — you make it significantly harder for the bad guys to attack you. They go for the low-hanging fruit, and they keep moving on to more vulnerable targets.

In your talk at the RSA security conference in April, you explained how very basic security lapses made it easy for you to break into a power company’s control systems. Yes, we were able to access the power grid. It was embarrassingly simple. Some negative comments that my presentation received included that Hacking 101 should not be part of an RSA

But don't some people object to ISP filtering on censorship/privacy/free-market principles? Arguments that say service providers have no right to stop someone from sending 20 million ping messages are absurd. I am all for freedom of whatever until it starts impinging on the freedom of others as well as creating a financial drain on others.
BSM:

Delivering  on 
Business  Goals 

The  true  value  proposition  of 
Business  Service  Management 
begins  with  practical  IT  strategies 
to  support  business  goals. 


INTRODUCTION 

In a recent online survey of 111 senior IT managers, Computerworld
asked  respondents  about  their  strategies  for  aligning  IT  with  the  busi¬ 
ness.  Survey  results  show  that  for  many  IT  leaders,  alignment  with  the 
business  no  longer  means  just  cutting  costs  or  rolling  out  strategic  appli¬ 
cations.  Increasingly,  CIOs  define  alignment  in  terms  of  how  effectively 
their  IT  departments  support  core  business  goals  for  growth  and  prof¬ 
itability.  In  effect,  IT  has  to  mind  the  top  line  as  well  as  the  bottom 
line— to  improve  service,  drive  growth  and  deliver  value  to  the  business. 

One  strategy  CIOs  are  adopting  for  business-oriented  service  across 
IT  is  Business  Service  Management  (BSM),  an  approach  for  delivering  IT 
services  to  directly  support  specific  business  goals.  At  the  heart  of  BSM 
is  the  integration  of  IT  management  disciplines  and  process  automation, 
which  helps  IT  deliver  the  level  of  services  the  business  requires. 

This  white  paper  provides  an  analysis  of  the  survey  results  and  offers 
practical  strategies  for  adopting  BSM,  including  how  you  can  connect 
BSM  to  IT  governance  and  security  for  a  comprehensive  Enterprise  IT 
Management  approach. 

DRIVERS  FOR  BUSINESS  SERVICE  MANAGEMENT 
The  Computerworld  survey,  which  was  designed  to  gauge  the  adoption 
rate of BSM at enterprise-size organizations, reveals a prevalent interest
in  BSM.  The  survey  asked  respondents  about  their  familiarity  with  BSM, 
defined  as  a  strategy  and  approach  for  aligning  IT  services  and  compo¬ 
nents  with  business  objectives  and  goals.  More  than  70%  of  respondents 
said  they  are  somewhat  familiar  with  BSM,  and  31%  said  they  are 
extremely  or  very  familiar  with  the  concept.  A  majority  of  respon¬ 
dents— «5%— has  adopted  BSM  or  is  planning  to  do  so  within  the  next 
12  months.  (Of  these,  12%  adopted  BSM  more  than  one  year  ago.) 

Don  LeClair,  a  senior  vice  president  with  CA,  says  that  he  has  seen  a 
burgeoning  interest  in,  and  understanding  of,  BSM  among  CIOs.  “One  of 
the  core  responsibilities  of  a  CIO  is  aligning  IT  with  the  business,"  LeClair 
says.  “BSM  can  allow  CIOs  to  do  that  by  changing  their  focus  from  man¬ 
aging  technical  silos  to  managing  the  services  IT  offers  to  the  business." 

BSM  offers  “a  growing  opportunity  for  IT  organizations  to  deliver 
business  innovation  and  alignment  with  IT  investment,"  according  to 
Stephen  Elliot,  research  director  of  the  Enterprise  System  Management 
Software  Service  at  IDC.  The  appeal  of  BSM  will  increase  “as  products 
across the enterprise management markets deliver value
through  integrations  and  service  dashboards  that  empow¬ 
er  IT  organizations  to  deliver  business  value  at  strategic 
levels  of  the  organization,”  Elliot  adds  (Business  Service 
Management:  Survey  Shows  Rising  Customer  Adoption 
and  Increasing  Maturity,  October  2007). 

While  65%  of  survey  respondents  said  that  aligning  IT 
and  the  business  is  a  driver  for  BSM,  there  are  other  driv¬ 
ers  as  well,  indicating  that  CIOs  are  looking  to  achieve  a 
number  of  goals  with  BSM. 

Increasing  IT  efficiency  is  a  mandate  for  many 
resource-strapped  CIOs,  and  52%  of  respondents  cited 
this  as  a  driver  of  BSM.  Given  that  the  scale  of  IT  is  grow¬ 
ing  faster  than  the  size  of  IT  staffs,  CIOs  need  to  get  the 
most  out  of  their  existing  personnel.  Automating  routine 
tasks  and  instituting  best  practices  for  repeatable  process¬ 
es — hallmarks  of  BSM — are  ways  to  boost  the  productiv¬ 
ity  and  efficiency  of  taxed  IT  staffs  and  reduce  errors. 

Another  top  driver  of  BSM  adoption  is  best  practices 
standards such as ITIL®, COBIT™ and Six Sigma®, cited
by 49% of respondents. According to Bob Sterbens, CA
director of product marketing, ITIL® in particular complements
BSM. “ITIL® is a framework that provides the
baseline  to  deliver  BSM,”  Sterbens  says.  “Think  of  BSM  as 
the  goals  and  objectives  that  are  achieved  through  the 
processes  and  best  practices  of  ITIL®.” 

For  BSM  to  be  consistently  effective,  IT  departments 
need  to  continually  assess  their  investments  and  tie  those 
back  to  the  needs  of  the  business  while  ensuring  compli¬ 
ance.  Consequently,  the  42%  of  respondents  who  men¬ 
tioned  IT  governance  and  regulations  as  a  driver  for  BSM 
offer  “strong  validation  that  IT  departments  are  managing 
governance  in  a  professional  way  as  a  means  of  continu¬ 
ous  improvement,”  LeClair  says.  This  also  shows  the  inter¬ 
dependence  of  BSM  and  IT  governance  practices. 


As  expectations  of  IT  have  increased,  IT  budgets  have 
not  kept  pace.  For  41%  of  respondents,  BSM  is  viewed  as  a 
way  to  manage  the  cost  of  IT  investments.  In  particular, 
CIOs  turn  to  BSM  to  rein  in  operational  costs  through 
automation  of  routine  processes.  Automation  of  routine 
tasks  can  also  reduce  errors  and  control  costs  by  decreas¬ 
ing  service  issues  and  downtime,  critical  benefits  for  any 
enterprise  that  is  highly  dependent  on  IT. 

In  a  service-centric  environment,  IT  increasingly  needs 
to  be  proactive.  Among  survey  respondents,  35%  said  that 
customer  responsiveness  is  a  factor  for  adopting  BSM.  By 
viewing  IT  components  within  the  context  of  the  services 
they  deliver,  IT  can  improve  root-cause  analysis  and  prob¬ 
lem  management. 

For  32%  of  respondents,  BSM  provides  executive  visi¬ 
bility  and  transparency  into  IT.  Increasingly,  the  value  of 
IT  is  that  of  an  enabler  of  the  business  and  not  simply  an 
expense.  Not  coincidentally,  32%  of  respondents  said  that 
service-level  agreements  are  pushing  the  adoption  of  BSM 
as  IT  departments  offer  guarantees  that  service  quality 
meets  business  standards. 

BENEFITS  OF  BSM 

Survey  respondents  reported  many  important  benefits  of 
BSM  that  address  various  issues,  including  operational 
and  cultural  issues: 

■ Aligning IT with the business. This is essentially an
overarching goal of BSM and its most important benefit;
84% said alignment is extremely or very important.
This finding is not surprising, considering that IT/business
alignment is a primary driver of BSM.

■  Improved  end-user  satisfaction.  This  is  a  benefit 
cited by 79% of respondents as extremely or very
important.  One  way  that  BSM  accomplishes  this  is 
through  monitoring  application  and  transaction  per- 


key  factor  in  reducing  costs. 

Improved  predictability.  Standardizing  and  automating 
routine  tasks  also  improves  predictability — a  benefit 
cited  by  70%  of  survey  respondents  as  extremely  or  very 
important. 

Operational  benefits.  While  BSM  inherently  aims  to 
improve the level and reliability of service to end users,
it’s  important  to  note  that  there  are  several  benefits  that 
address  IT  operations  specifically.  According  to  the 
Computerworld  survey,  three  such  benefits  stand  out  in 
terms  of  being  extremely  or  very  important  to  respondents: 


BSM.  Survey  respondents  reported  the  following  obstacles 
implementing  BSM: 

■  Lack  of  understanding  of  the  value  proposition  (48%) 

■  Already  committed  to  other  major  initiatives  (46%) 

■  Staff  skill  sets  (42%) 

■  Confidence  in  the  maturity  of  the  solutions  being 
offered  (34%) 

■  Budget  (32%) 

■ Have not adopted ITIL® (29%)

■  Technology  integration  (28%) 

■  Implementing  a  CMDB  (26%) 
STRATEGIES FOR SUCCESSFUL BSM ADOPTION
There is no boilerplate template for implementing BSM;
how an IT organization proceeds depends entirely on its
starting  point  and  its  priorities.  As  a  concept,  BSM  can  be 
overwhelming,  so  it  pays  to  “have  a  good  idea  of  the  end 
state  you  want  to  achieve  and  put  a  plan  in  place  to  get 
there  incrementally,”  says  Allan  Andersen,  CA  vice  presi¬ 
dent  of  product  management. 

To  successfully  adopt  BSM,  an  IT  department  has  to 
clearly  assess  its  current  capabilities  and  process  maturity 
level in four general areas which, says Sam Somashekar,
CA senior principal product manager, cover the entire
service  lifecycle.  By  tackling  each  of  these  areas  based  on 
priorities  and  where  best  to  achieve  a  return,  an  IT  organi¬ 
zation  can  take  an  incremental  approach  to  implementing 
BSM  that  incorporates  continual  process  improvement: 

■  Application  performance  management  (APM).  This 
area  provides  IT  with  comprehensive  visibility  into  every 
transaction  and  enables  the  management  of  transac¬ 
tions  from  a  performance  perspective.  APM  enables  IT 
to  react  quickly  to  performance  issues  by  supporting 
real-time  monitoring  capabilities.  In  addition,  APM  pro¬ 
vides  an  understanding  of  how  IT  problems  affect  busi¬ 
ness  services. 

According to Rick Fitz, vice president of product
management at CA, IT can easily grasp APM by shifting
how it has typically looked at performance.
Traditionally, IT has focused initially on detecting
faults in the infrastructure and then stabilizing them,
followed by monitoring the performance of devices,
and finally, by looking at transaction performance.
“With BSM,” Fitz says, “IT has to look at transactions


reports  and  can  enable  IT  to  support  changing  condi¬ 
tions  through  real-time  response.  Consequently,  data 
center  automation  helps  IT  operations  streamline  its 
tasks  and  facilitate  better  service  to  end  users. 
Computerworld  survey  respondents  recognize  the  value 
of  data  center  automation.  In  fact,  89%  of  respondents 
said  that  data  center  automation  is  at  least  somewhat 
important  to  their  organization,  with  32%  rating  it 
extremely  important  and  32%  rating  it  very  important. 

■ Infrastructure management. The key in terms of
BSM  is  “to  integrate  infrastructure  management  into  a 
cohesive,  unified  view,”  Somashekar  says.  A  unified 
view  of  infrastructure  components  gives  IT  the  ability 
to  conduct  root-cause  analysis  by  correlating  events 
and  performance  issues  across  the  entire  IT  infrastruc¬ 
ture.  “Correlating  activities  across  the  infrastructure  is 
necessary  in  order  to  handle  change  better,” 
Somashekar  adds.  “From  an  infrastructure  manage¬ 
ment  perspective,  it’s  important  to  diagnose  and  repair 
problems  before  they  impact  services.” 

■ Service management. This involves “the analysis of a
lot  of  the  activities  that  happen  in  the  infrastructure," 
Andersen  says.  “This  is  accomplished  through  looking 
at  things  like  dashboards,  service  levels  and  the  overall 
services  delivered.”  With  service  management,  IT  gains 
the  ability  to  manage  both  hardware  and  software 
assets,  which  often  results  in  better  cost  control  and 
better  governance  of  software  licenses. 

CIOs are shifting from running IT as a technology
base to running IT as a business, and BSM “allows CIOs
to run IT more efficiently and align IT with the business,"


addressed quickly.

Data center automation. By automating routine, repetitive
tasks such as patch management and software deliv-

IT needs to be able to connect BSM to security
ernance solutions for a comprehensive Enterp
Management (EITM) approach. “As regulation


At  what  stage  is  your  organization 


investments  so  that  the  services  delivered  are  the  n 
services,"  says  LeClair.  “BSM  is  about  providing  the 
services,  while  governance  is  focused  on  strategic  v 
projects  and  decision  making,”  adds  Sarah  Meyer,  C 
product  marketing  director. 

CONCLUSION 

To succeed at BSM, IT departments need to automate
processes and integrate the management of IT components
to deliver high-quality services that meet business
needs. In effect, this means that IT departments can no
longer focus on managing devices or applications — they
must correlate technology components within the infrastructure
to the business services that they support. In the
process of doing this, the role of IT shifts from being centered
on providing technology to focusing on providing
services that contribute to business goals. The end result
of successful BSM adoption — IT/business alignment — is
characterized by a responsive, dynamic IT infrastructure
that supports the delivery of services that enable users to
succeed and a business to thrive.


■  OPINION 

John  D.  Halamka 


Time  Is  the  Most 
Valuable  of  Gifts 


TIME is the one commodity you cannot buy or
make  more  of.  It  is  our  most  valuable  resource.  As 
CIO,  I  should  allocate  this  precious  commodity  to 
those  people  and  projects  most  needing  attention. 


I  would  really  enjoy 
spending  my  days  meeting 
with  friendly,  aligned  and 
supportive  stakeholders 
and  focusing  on  the  proj¬ 
ects  that  are  proceeding 
flawlessly.  But  my  time  is 
better  spent  on  the  stake¬ 
holders  who  aren’t  satis¬ 
fied  and  the  projects  that 
are  troubled  by  politics, 
scope  creep  or  technical 
challenges. 

Every  day,  my  staff  pep¬ 
pers  me  with  questions  on 
the  budget,  strategy  and 
workplace  politics.  I  should 
not  be  the  cause  of  a  slow¬ 
down  in  their  productivity, 
so  I  respond  within  an 
hour  with  either  an  answer 
or  a  set  of  next  steps.  This 
is  a  great  use  of  my  time. 

Every  day,  my  customers 
ask  for  new  projects,  new 
priorities  or  new  features. 

I  respond  with  either  a 
blog  entry  so  that  I  widely 
communicate  the  answer,  a 
personal  e-mail  or  a  set  of 
next  steps  (pulling  in  our 
governance  committees  to 
consider  the  request).  This 
is  a  great  use  of  my  time. 

Every  day,  I  receive  a 
hundred  requests  from 


salespeople  for  my  time.  I 
will  not  grant  my  time  to 
cold-calling  salespeople. 
As needs arise, I'll search
the  Web  for  technologies 
and  user  experiences  with 
various  products.  I'll  then 
contact  the  vendors  I  want 

Every  day,  I  receive  nu¬ 
merous  requests  to  travel 
to  give  presentations.  I’m 
always  happy  to  educate, 
communicate  and  collabo¬ 
rate.  But  whereas  doing 
a  conference  call,  WebEx 
meeting or videoconference
is a great use of my
time,  sitting  in  an  airport 
for  half  a  day  because  of  a 
canceled  flight  is  not.  I’m 
hoping  our  culture  chang¬ 
es  to  the  point  that  we 
all  recognize  the  value  of 
time  and  do  more  virtual 
collaboration. 

The  value  of  time  has 
been  much  on  my  mind 
lately,  and  I  realized  that 




while  it’s  true  that  you 
can’t  make  more  time,  you 
can make a gift of it. I did
this  recently  for  my  father. 

I  had  a  Google  Advisory 
Council  meeting  in  Silicon 
Valley  that  ended  in  the 
early  afternoon.  My  par¬ 
ents  live  in  Southern  Cali¬ 
fornia,  so  I  asked  my  father 
to  fly  up  to  San  Jose. 

We  drove  together 
through  the  most  beautiful 
places  in  the  Santa  Cruz 
Mountains  —  Crystal 
Springs  Reservoir/Filoli/ 
Alpine  Road,  Highway 
84  to  Skyline  Boulevard, 

La  Honda,  San  Gregorio, 
Highway  1  to  Pigeon  Point 
Lighthouse  and  Pescadero. 
For  six  hours,  we  turned  off 
our  cell  phones,  drove  and 
talked.  We  talked  about 
life,  goals,  the  future,  fam¬ 
ily  and  challenges.  We  had 
dinner  at  Duarte's,  a  19th 
century  restaurant  known 
for  its  fresh  artichoke  dish¬ 
es  and  homemade  pie. 

At  sunset,  we  returned 
to  Skyline  Boulevard  and 
played  our  flutes  together 
—  my  shakuhachi  and  his 
Native  American  flute.  I 
then  dropped  him  off  at 


the  airport  and  spent  the 
night  in  San  Francisco 
before  an  early-morning 
board  meeting. 

I  can  think  of  no  more 
profound  gift  than  time. 

My  daughter  and  I  recently 
began  playing  the  Native 
American  flute  so  that  we 
can  have  a  family  gift  of 
time.  My  parents  will  join 
us  on  our  family  vacation 
to  Yosemite  in  August,  and 
we’ll  play  music  together 
across  three  generations. 

I  would  be  completely 
content  to  never  get  anoth¬ 
er  tie,  CD  or  gadget  for  Fa¬ 
ther’s  Day  if  instead  I  could 
have  the  gift  of  time  from 
my  daughter  for  a  walk  in 
the  woods,  kayaking  a  river 
or  playing  a  flute. 

Next  time  you  ask  how 
to  organize  your  day  as 
an  IT  professional,  think 
about  the  value  of  your 
time.  Think  about  the 
needs  of  your  customers, 
staff  and  family.  If  you 
think  about  your  time  as 
a  gift  and  your  most  valu¬ 
able  commodity,  I  suspect 
your  schedule  may  change. 
I  know  mine  has.  ■ 

John  D.  Halamka  is  CIO 
at  CareGroup  Healthcare 
System,  CIO  and  associ¬ 
ate  dean  for  educational 
technology  at  Harvard 
Medical  School,  chair¬ 
man  of  the  New  England 
Health  Electronic  Data 
Interchange  Network,  chair 
of  the  national  Healthcare 
Information  Technology 
Standards  Panel  and  a 
practicing  emergency  physi¬ 
cian.  You  can  contact  him 
at  jhalamka@caregroup. 
harvard.edu. 
IF there is a Holy Grail in
the  information  security 
industry,  it  surely  is  the  an¬ 
swer  to  the  question,  “How 
secure  is  secure  enough?” 

It’s  a  question  that  many 
security  managers  have  ei¬ 
ther  avoided  answering  altogether  or 
tried  to  quickly  sidestep  by  throwing 
a  fistful  of  mainly  pointless  opera¬ 
tional  metrics  at  anyone  who  cared 
to  ask. 


But  with  a  faltering  economy  be¬ 
ginning  to  put  the  squeeze  on  IT 
budgets,  and  security  managers  be¬ 
ing  asked  to  justify  every  dollar  they 
spend,  there  is  a  growing  need  to 
come  up  with  a  better  answer  to  the 
query.  Increasingly,  there  is  pressure 
on  IT  managers  to  demonstrate  how 
exactly  their  security  investments 
are  helping  them  manage  threats  to 
their  businesses.  Companies  want  to 
know  if  the  money  they  are  spending 


on  security  is  too  much,  too  little  or 
just  enough. 

Answering  the  question  with  any 
degree  of  accuracy  involves  art  and 
luck  as  much  as  it  does  science,  say 
security  managers.  But  by  adopting 
the  right  approaches,  it  is  possible  to 
arrive  at  a  better  answer  than  some 
might  expect,  they  say. 

Here  are  five  steps  to  help  you 
determine  whether  your  company  is 
be to decide how much you are comfortable
with, he says.

“People  often  talk  about  acceptable 
risk,"  says  Brotby,  but  what  you  really 
should  focus  on  is  acceptable  business 


it  actually  is  incredibly  liberat- 
For example, the frameworks can be
used to decide the appropriate tools to
meet  an  internal  data  access  control 
objective  or  to  comply  with  a  statute 
that  requires  data  logging  and  auditing 
capabilities. 

A  formal  framework  gives  compa¬ 
nies  a  way  to  quickly  assess  how  ef¬ 
fectively  their  controls  are  working,  be¬ 
cause  each  security  control  is  mapped 
to  a  specific  business  or  compliance 
objective,  says  Marc  Othersen,  an  ana¬ 
lyst  at  Forrester  Research  Inc. 

"It  shows  why  a  control  is  there  in 
the  first  place.  It  links  security  controls 
to  IT  risks  and  shows  what  would  hap¬ 
pen  if  a  particular  control  fails,”  says 
Othersen.  "The  IT  risk  management 
goal  is  to  put  context  around  a  control 


Measure everything.

The audiences for such metrics
and the purposes those metrics
serve can vary, so it's important to ensure
that all aspects of an IT security
program are measured.



GM’s  Metrics  Framework 

The audiences for information security metrics and the purposes those metrics serve can
vary, so it's important to ensure that all aspects of an IT security program are measured.
The layers on the GM pyramid do not represent a hierarchy: they are simply used to separate
metrics by purpose and by audience. The minute-by-minute operational metrics, for
example, help IT managers determine whether security tools are working as intended.
The process layer helps the company decide whether course corrections are needed. The
executive layer helps the information security team communicate with top management.

EXECUTIVE METRICS

(e.g., return on investments, and areas of
overinvestment or underinvestment)

PROGRAM METRICS

(e.g.,  effectiveness  of  security  training, 
governance  and  compliance  programs) 



A  metrics  program  that  is  focused 
purely  on  operational  data  —  such  as 
firewall  log  data  or  antivirus  data  — 
offers  no  navigational  or  management 
metrics,  says  ISACA’s  Brotby. 

“If  I  don’t  have  good  policy  compli¬ 
ance,  is  it  because  people  don’t  know 
how  to  do  it  or  because  they  are  ignor¬ 
ing  my  policy?"  he  says. 

To  understand  such  issues,  GM 
has  established  a  four-tiered  metrics 
framework  to  collect  and  analyze  per¬ 
formance  data  on  multiple  aspects  of 
the  company’s  information  security 
program  (see  “GM’s  Metrics  Frame¬ 
work,”  this  page). 

The  right  metrics  can  help  busi¬ 
nesses  track,  trend  and  report  on  secu¬ 
rity  performance,  says  Ed  Cooper,  vice 
president  of  marketing  at  Skybox  Secu¬ 
rity  Inc.,  a  vendor  whose  risk-modeling 
products  are  used  by  organizations 
such  as  Standard  Chartered  Bank.  The 
trick  is  to  know  which  metrics  make 
sense  for  each  stakeholder,  how  to 
gather  the  information  and  what  lan¬ 
guage  to  present  it  in,  he  says. 

“Everybody  looks  at  risk  from  their 


own point of view. Metrics have to
t into some sort of relevancy” for
each perspective, Cooper says.


Implementing controls for
dealing with security threats
is one thing. Testing, monitoring
and validating them is another.
“If  you  have  key  controls  on  critical 
processes,  you  need  continual  moni¬ 
toring  to  make  sure  they  are  working,” 
Brotby  says. 

This  sort  of  monitoring  can  be  part 
of  a  broader  IT  governance  program  or 
compliance  and  auditing  effort. 

Often,  many  of  the  controls  that 
companies  are  using  to  manage  risk 
were  originally  implemented  in  re¬ 
sponse  to  some  tactical  issue.  Many 
companies,  for  instance,  have  imple¬ 
mented  network  behavior  analysis 
tools  in  response  to  concerns  over 
so-called  zero-day  threats  that  take 
advantage  of  unpatched  software  vul¬ 
nerabilities. 

It’s  important  to  tie  controls  back  to 
a  specific  business  risk  and  then  moni¬ 
tor  them  to  ensure  that  they  are  indeed 
doing  what  they  were  intended  to  do. 


“The  problem  with  controls  is  that 
they  are  put  in  place  reactively  to  a 
particular  problem,  and  then  they 
pile  up,  so  you  get  layers  of  controls 
that  people  don’t  know  are  controls,” 
Brotby  says. 

To  a  large  extent,  governance  is 
what  you  are  doing  when  you  gather 
metrics  to  prove  compliance  with  an 
internally  or  externally  driven  security 
requirement,  Meakin  says. 

are  the  risks  and  these  are  the  controls, 
and,  yes,  I  have  mapped  those  controls 
to  the  regulatory  requirement,”  he 
says.  “The  fact  I  am  measuring  is  a 
demonstration  of  proper  governance.” 

Taking such steps will be challenging for large companies where the security environment has grown in response to tactical considerations as opposed to strategic ones.

To understand how secure you need to be in that kind of environment, start by looking at your industry or regulatory compliance objectives, Othersen says.

But whatever your environment, get started. A better answer to the big security question is within reach. ■


From Technology Goddesses camp to your future IT workforce. By Julia King




Cora Carmody is hoping that Technology Goddesses will help reverse that trend and make technology relevant — even cool — for this at-risk age and gender group, by teaching girls about digital design, Web site development, computer graphics and digital moviemaking, and by exposing them to women in technology-related careers.

Carmody, senior vice president for global IT at Jacobs Engineering Group Inc. in Pasadena, Calif., also considers the program a way to build the future IT workforce. “Any one of these girls could be a CIO one day because they're starting now,” she says.

Carmody founded the program in 2002 on the East Coast and began working with the Girl Scouts in 2003, when she moved to the West Coast to work at Science Applications International Corp. Since then, the program


eight  field  trips  to  places  like  Microsoft 
Corp.'s  Innovation  Center  in  Irvine, 
Calif.,  and  Cox  Communications  Inc.’s 
multimedia  digital  production  studio 
at  Petco  Park,  the  home  playing  field  of 
the  San  Diego  Padres. 

All  of  the  programs  take  place  in  a 
“girl-friendly”  learning  environment. 

“The patterns of learning are different for girls,” says Carmody, who is the mother of three sons and a daughter and the leader of a Girl Scout troop.

“Girls  are  much  more  social.  They 
like  working  together  in  teams.  They're 
also  much  more  impressionable  by  role 
models.  And  their  role  models  tend 
to  be  older  girls,  not  adults.  An  older 
girl  is  the  best  technology  mentor  for  a 
younger  girl,”  she  says. 

Technology Goddesses and Girl Scouts made a perfect pairing, especially since one of the Girl Scouts' mot-

component,
ogy and service components.

“Through Technology Goddesses, the girls learn to use technology and gain life skills and develop critical-thinking skills,” says Jo Dee Jacob, CEO of Girl Scouts, San Diego-Imperial Council. “They educate themselves and others.”

This particular weekend, the seventh-, eighth- and ninth-grade scouts, called Cadettes, are using Bureau of Labor Statistics data to research IT-related careers. They are also coaching younger Brownies and Daisies, who are in kindergarten through third grade, and the campers join briefly for various technology lessons.

Today,  it’s  eighth-grader  Angela 

Even Goddesses Need Role Models

Aside from a lot of fun, the benefits

of choice and getting a glimpse of tomorrow’s high-tech workforce, says Susie Schmitt, an Internet manager at SAIC who has served on career panels at Technology Goddesses camps.

Young girls need to see and talk to
nand men who work in and with IT
c view of what

girls about a career in technology, they’d say, ‘Who wants to be a geek and sit at a computer all day and be by yourself?’ ”

By volunteering to talk about your IT job, career and work life at a Technology God-

The products from Biasi’s session are the main attraction on Day 2 of camp. That’s when the girls showcase the multimedia presentations they've created about Technology Goddesses programs. These incorporate video, clip art, photos and lots of music, ranging from Beethoven’s Ninth Symphony to the bilingual rap and rock tunes of Karsh Kale.

Over the course of the two days, the girls also get girly with technology. They make scented bath salts and use graphics software and designs downloaded from the Internet to create labels for the jars. These items, Carmody points out, can be sold to raise additional funds for more Technology Goddesses programs or the Girl Scout troops, or to offer scholarships to Technology Goddesses summer camp. This, too, is in line with another Girl Scout motto: “A Girl Scout uses resources wisely.”

Virtually all of the Technology Goddesses' camp activities, workshops and programs are designed to be repeated by other Girl Scout troops. Step-by-step materials and directions are available in a “badge-in-a-box” format at www.technology-goddesses.org.

“I’d  like  to  see  this  program  grow,” 
says  Carmody.  ■ 

■  SECURITY  MANAGER’S  JOURNAL  C.J.  KELLY 

Switching Gears, And Looking Back

In the course of four years, much was accomplished in a government agency that was a security disaster waiting to happen.


I FINALLY DECIDED to leave public service and go back to the private sector. The decision wasn’t easy, because I hate to leave the team. My boss is adjusting, but he's not happy. I am very excited, though, to be going back to what I enjoy — security consulting.

In almost four years in public service, I was able to make significant

of confidential health information, unfinished policy documents, an unstable network (is it any wonder?), no firewalls, no intrusion detection, no network monitoring and basically no plan for improvement.

I remember early on witnessing one of the sysadmins reboot the main switch whenever the network seemed to

grade level, not your skill set. How can time on the job trump experience, skills and execution?

Even though I wanted to get to work on the technical problems, I had to fix the people problems first. That meant changing the way people thought about themselves and their jobs. If you tell a group of state employees that their seniority isn't as important


Trouble Ticket

AT ISSUE: A job offer proves impossible to resist.

ACTION PLAN: Move on, and hope your influence

technology. And he had budgeted for the changes and just needed someone who understood what needed to be done and would execute. I was very lucky to have him on my side.

In the end, my job in government was all about vision and communicating that vision. If you can imagine a secured environment and understand what needs to be done, you can do anything. Communicating that vision is an art, and it’s where many managers fail. I created numerous presentations and network diagrams. I wrote plan documents and road maps, and communicated the vision to management, never forgetting that the team that was go-


hundreds of open ports, network switches that allowed Telnet connections with no password, and PCs that weren't patched and


■ I made it clear that I would judge performance based on teamwork and execution.


been  able  to  get  through 
to  them,  and  I  was  able 
to  hire  replacements  who 
understood  where  I  was 
coming  from. 

Fortunately, my boss had hired me knowing that I

to self-manage and keep its goals in sight. ■

This week’s journal is written by a real security manager, “C.J. Kelly,” whose name and employer have been disguised for obvious
Storm Central

A Web-based tool combining 3-D satellite imagery and real-time weather data helps crisis managers at energy company BP make quicker, better decisions. By Mary K. Pratt


work  on  Fortune’s  Gulf 
of  Mexico  information 
management  team. 

■ Team members didn't calculate an ROI but say the company’s Crisis Management Sys-

and  crisis  managers 


way to help them do their jobs: BP’s Crisis Management System. It uses 3-D satellite imagery, real-time

and utilities analyst at Gartner Inc. “It’s basically being able to assess the situation and respond much quicker,

ricane comes through, the company has to decide who and what needs to be moved in the Gulf and in vulner-

Getting the Job Done - Fast

Projects program manager Susan Warburton and chief architect John Maio delivered BP's Crisis Management System in less than three months using the rapid deployment

we get things up very quickly and at a low cost.”

Warburton and Maio say that while developing a prototype was a big part of their strategy, they also drew on their relationships with business partners to quickly build a tool that really works.

“We live and breathe with the business. We'd sit in on the incident command posts and these scenarios to see how they handle a hurricane coming in, so we quickly understand what the business needs from a technology perspective," Warburton says.

Warburton and Maio took six weeks to develop a prototype of the tool that users could then try out and provide feedback on. It's a methodology the pair generally use on all projects.

Maio notes that he and Warburton are good

ourselves going back and filling in some gaps." Maio says. “But from a positive side.

really want?'"

- MARY K. PRATT

■ COMPUTERWORLD HONORS

because you're able to pull all that information together, assess the damage and prioritize response.”

BP had been moving toward the development of its Crisis Management System for several years. The company already had high-tech tools like satellite feeds and mapping systems to help track and manage events.

However, the pieces

RIAN AUTIO has
to predict Mother
Nature
employer, energy
PLC’

■ AT A GLANCE
■ BP PLC is a global energy company with

weather data, and a visual representation of the company's workers, their homes and corporate assets to deliver a truly visual assessment of what's happening

didn’t always work together. Autio says he would spend three or four hours before a planning meeting manually pulling data from up to 20 databases and Web-based

Waltham,  i 


irykpratt(a)verizon. 



Robert L. Mitchell

Reconsidering Vista

OK, IT’S NOT PERFECT. But Windows Vista on a new PC is perfectly serviceable for many users. In some ways, in fact, Vista is a better operating system than Windows XP. Unfortunately, XP’s heir apparent is also the most derided and discounted Microsoft operating system since Windows Me.


With all of the negative press about slower-than-expected adoption rates and the push for vendors to continue offering an XP option on new PCs, users may be left with the impression that anything is better than opting for Vista — including paying a premium to downgrade to Windows XP when buying a new PC.

That’s a bit extreme. Granted, the operating system has its share of glitches and issues. Higher-end versions are pricey, and Vista requires state-of-the-art hardware for optimum performance. But more than a year after its release, Vista with SP1 is reasonably stable and probably more secure than XP. It’s also technically more advanced than its seven-year-old predecessor.

As developers bring products to market that exploit unique Vista capabilities, such as the Presentation Graphics subsystem and support for Sidebar gadgets, users will want them. But those who buy XP with that new PC won’t have access to those applications because they will be working through an operating system designed in the late ’90s to run on millennium-era hardware. What’s more, general support for that “new” XP operating system will end next April, even though many consumers will keep those machines for five years.

If users buying new PCs are going to stick with Windows, they should get machines with Vista preloaded. Sure, the incessant barking of security warnings is annoying, but those can be muzzled. Windows is the platform on which users run the applications that do the real work. Those applications will increasingly exploit and rely on Vista’s capabilities.

In a market that watches shipments as if they were movie box-office grosses, Vista has fallen short of very public expectations. But although Vista hasn’t been a blockbuster on par with Windows 95, general penetration rates for the operating system are following the same slow, steady trajectory as those for Windows XP, according to a June report by Bernstein Research.

For business, the Vista adoption calculation has many more variables. And there’s no need to rush. Enterprises can continue to install their own XP system images onto new hardware, and the security updates that businesses need will be available until 2014. By then, Vista’s successor should be established.

But there is also something to be said for staying current with your users. Vista is shipping on most new Windows PCs in the retail channel — Microsoft claims to have shipped 140 million copies as of March 2008 — and it’s a sure bet that most of those licenses aren’t being downgraded to XP. That means users will increasingly be running Vista at home.

At least one wavering CIO sees this as a political issue. He worries that if users accept Vista at home and businesses wait for Windows 7, IT may look lethargic in its efforts to deploy the latest technology to meet business needs. By the time Windows 7 is ready for enterprise use, XP will be at least 10 years old. At that point, being on the trailing edge with XP could hurt IT’s credibility and make kicking off more-ambitious projects difficult, he says.

In the end, the Vista decision involves striking a delicate balance between political, technical and business issues. Wait or migrate? Both choices involve some risks. ■

Robert L. Mitchell is a Computerworld national correspondent. Contact him at robert_mitchell@computerworld.com.
Microsoft is expanding its use of performance-based testing (PBT) in its certification exams. With PBT, exam takers are presented with real-world problems and must apply the concepts and technologies they are being tested on to reach a solution. The method is seen as a way of enhancing the value of a certification, because certified IT workers will have demonstrated that they know how to use the technology in question, as opposed to being able to memorize jargon or even buy pirated test answers. Microsoft currently uses PBT in five of its exams and expects to add it to a sixth this summer. It plans to introduce PBT to even more of its exams over the next year and a half.


■ Q&A

Jack Cullen

staffing provider Modis talks about trends affecting workforce availability.

What IT skills are most needed right now? Is demand up, down or holding steady? The IT skills we see most in demand at this point in time include .Net, Java, J2EE, SAP and Oracle. Positions that we have experienced strong demand for include business analysts, project managers, help desk/call center support staffers and quality assurance specialists. Overall, demand is down slightly from where it was at this time last year.

Do you notice geographical differences? There are slight geographical differences, but for the most part, the skill sets and positions I listed are in demand across all of North America.

Is increased connectivity erasing supply-and-demand disparities, since workers can often provide their services without moving to a new area? Despite the fact that mobility has improved dramatically, most hiring managers want the IT worker to be on-site for a majority of the project. Over 85% of the positions we staff seek candidates that are willing to work at the location of the particular project.

What are some of the diffi-

The biggest challenge is the slowness of the hiring manager. Despite the fact that the supply pool is still less than optimal, managers are slow to hire because they are searching for the perfect match. This has a tendency to backfire on the project, because by the time the hiring manager finally makes that decision, the candidate being

What should companies do as they look to recruit talented IT professionals? Companies need to see the complete picture that an individual brings to a project. The highest level of technical expertise does not always assure them that they are getting the person they need. Making sure a person can work in a pressure environment or can function properly on a team are critical skills that aren't always apparent during the interview process. You should avoid making a decision on the interview alone. The firm that represents the

log on the individual that includes at least three references of a similar project, skill assessment and ranking, background check, and an accurate profile of the candidate's personality.

Anything else you would like to add? Most managers do not enjoy or have time for the hiring process. However, making a wrong hire can have a severe impact on the outcome of the project and can cost the hiring manager their position within their company. Leverage the consulting firm or placement agency that you are working with so this becomes a pain-free process and you can focus more time on delivering the project.

- JAMIE ECKLE
Shark Tank

TRUE TALES OF IT LIFE AS TOLD TO SHARKY

Now, Is That Nice?

Pilot fish does routine maintenance at this customer's data center each weekend - and it's unpleasant. “The security guard seemed to despise the computer company I work for,” fish says. “Every weekend I was forced to listen to his vitriol, and company policy forbade me from responding.” But one morning, a very pretty young woman comes into the computer room, and it all becomes clear: Turns out she and the guard are taking a programming class, and the guard is positively beaming that she needs his help. And the course instructor is one the young woman idolizes. Reports fish, “Seeing this, I couldn't help but ask, ‘Is Fred doing OK? He's my co-worker, and last week he was pretty bummed because his girlfriend broke up with him.’ The young woman looked at me as if I had just given her the best Christmas present in the world, and the guard looked at me like he wanted me to die on the spot. But man, it was so worth it!”

Yearl, KHJtTt

Programmer at a remote site is testing changes to a mainframe application, but they keep causing the test system to crash. So he calls this systems programmer

to set up the problem transaction and then call fish back so he can start a trace. But by the time programmer calls again, fish is hip-deep in a high-priority problem. Hang tight, he tells programmer.

A minute later, fish receives an automated alert reporting that programmer's app has crashed again. Next day, programmer calls and asks fish, “Did you see anything in the trace?” No, there was no trace, fish says. Why didn’t you wait until I could get set up? Programmer: “It was an

I had a manual on top of my monitor, and it fell and hit the Enter key.” Says fish, “I shook my head and replied incredulously, ‘That's amazing!’ and hung up. He called right back. I told him, ‘Sorry, a manual dropped on my phone switch hook and disconnected us.’ ”

Bet They Do Now

Pilot fish in charge of security

meeting, where he hears the HR director claim to have video showing employees violating the smoke-free workplace rules. “People are apparently lighting up as soon as they get into their cars,” says fish. “The rule states that they can’t light up until they are outside the gate. When afterward I point out that the system is not capable of that kind of imaging, especially when shot from a fixed-focus, wide-angle rooftop camera, the HR director says, ‘I only said that. They don't know

Want to bet?’

■ Bet on Sharky. Send me your true tale of IT life at sharky@computerworld.com. I'll send you a stylish Shark shirt if I

■ FRANKLY SPEAKING


Frank  Hayes 

One  Risky  Point 


SINGLE  POINT  OF  FAILURE.  That’s  the  right  term 
for  talking  about  the  mess  in  San  Francisco,  where 
last  week  the  city  government  finally  regained  control 
of  its  backbone  network.  Terry  Childs,  the  net  admin 
jailed  for  locking  down  administrative  access,  turned  over  the 
passwords  during  a  secret  visit  from  Mayor  Gavin  Newsom. 


Childs' lawyer said Childs hadn’t divulged the passwords sooner because he believed “none of the persons who requested the password information . . . were qualified to have it,” according to court filings.

We’re starting to get

the case, now that the impasse has broken (see story, page 16). But until Childs revealed the passwords, all we knew for sure was that Childs was in jail and that the network was still working but couldn’t be managed.

Beyond that, it's been Rashomon in IT. Depending on who's telling the story, Childs is a brilliant network engineer who did nothing wrong. Or possibly a cyberterrorist who held the government hostage. Or maybe just an overstressed, burned-out guy who’s the victim of a misunderstanding.

San Francisco’s IT management? That’s a bunch of tech-clueless bureaucrats. Or maybe it’s a gang of goons who are out to get Childs no matter the cost. Or perhaps it’s a group of conscientious public servants whose only concern was regaining control of a crucial network that might have been full of booby traps.

Childs’ erstwhile coworkers? They’re halfwits who couldn’t manage that backbone with both hands and a map. Or innocent victims of a network guru with a God complex. Or enablers who helped create the mess by their silence.

From news reports to blog comments, the reactions have been stunning in their vehemence and variety. And there’s not one yawning gulf here, but many: between techies and nontechnical managers, between gurus and regular IT grunts, between designers and administrators, between security wonks and operations guys, between practicing network experts and best-practices pundits.

It seems like suddenly we can agree on nothing. But maybe we can all recognize this:

Terry Childs was a single point of failure.

Never mind whether he’s saint or sinner, villain or victim. Set that aside for now.

Focus on this: Childs was the only guy who understood that fiber backbone network. He designed it. He ran it. He maintained it. He controlled it. And nobody could replace him.

In  other  words,  a  single 
point  of  failure. 


Forget whether that situation was because of cheapness, arrogance, incompetence or paranoia. The result was the same: If something happened to Childs — a stroke, a car accident, a breakdown, a job-related “misunderstanding” — that single point would fail.

And it did.

Look, this San Francisco fiasco has thrown a spotlight on every ugly division in the IT profession. We see it as a matter of control or expertise or responsibility or stupidity or freedom. We see it as us vs. them, and that reaches into our deepest fears and anger.

So remember this: A single point of failure is a reliability problem. That’s something techies and managers, gurus and grunts can understand.

We all have at least one single point of failure lurking somewhere in our IT operations. Waiting until it generates a crisis that spirals into fingerpointing, frustration and fear is not the way to go.

There’s really only one good way to deal with a single point of failure: Find it and cure it before it fails. ■

Frank Hayes is Computerworld’s senior news columnist. Contact him at frank_hayes@computerworld.com.



